Friday, October 13, 2017

Electronic Voting Machines - unsafe at any speed

The Geek With Guns recounts the recent DEFCON security conference where they had a voting machine hack-a-thon.  The carnage was brutal:
Anonymous ballots are notoriously difficult to secure but it’s obvious that the current crop of electronic voting machines were developed by companies that have no interest whatsoever in even attempting to address that problem. Many of the issues mentioned in the report are what I would call amateur hour mistakes. There is no reason why these machines should have any unprotected ports on them. Moreover, there is no reason why the software running on these machines isn’t up to date. And the machines should certainly be able to verify the code they’re running. If the electronic voting machine developers don’t understand how code signing works, they should contact Apple since the signature of every piece of code that runs on iOS is verified. 
And therein lies the insult to injury. The types of security exploits used to compromise the sample voting machines weren’t new or novel. They were exploits that have been known about and addressed for years. A cynical person might believe that the companies making these voting machines are just trying to make a quick buck off of a government contract and not interested in delivering a quality product. A cynical man might even feel the need to point out that this type of behavior is common because the government seldom holds itself or contractors accountable.
In non-technical language, it's like they built a house without external security lights or locks on the doors and windows, and had absolutely no idea what they had for furniture so anyone who wanted could come in and take or rearrange things as they like.  Other than that, it's totes secure.

And The Geek With Guns sarcastically predicts the next big "fix" the clueless government guys are likely to propose:
Just put those voting machines in the cloud! Everything is magically fixed when it’s put in the cloud!
Because everyone is hip to the cloud, right?  All the Cool Kids are doing it, so it must be even toteser secure!  Even Hitler knows that!

